Menu
All,
I need to digitally sign a zip file. I am not sure how to do that. What does the digital signature do for me? And just as importantly, how do i verify the digital signature?
484
You can get a great reading on JAR signing (http://www.cs.princeton.edu/introcs/85application/jar/sign.html) and having in mind that JAR is a ZIP with a MANIFEST, I'd say you go with JAR signing and that's it.
95
Recent versions of APPNOTE (this is where PKWare publishes ZIP format specification) describe digital signature of ZIP archives. The problem is that they don't let one implement signing functionality and reserve it for their own use in their SecureZip software. From legal point of view you are allowed only to perform validation of ZIP archive signatures.
Our SecureBlackbox component library includes ZIP processing components, which include, among many other functions, validation of ZIP archive signatures. We attempted to acquire a license from PKWare to perform signing as well, but they didn't even discuss such option internally, so they were not able to give us a definite answer.
28
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
